CVE-2007-3381
Published: 7 August 2007
The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.
Notes
Author | Note |
---|---|
kees | local denial of service (many other ways to cause local DoS) |
Priority
Status
Package | Release | Status |
---|---|---|
gdm Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
edgy |
Ignored
(end of life, was needed)
|
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Released
(2.20.0-0ubuntu1)
|
|
hardy |
Released
(2.20.0-0ubuntu1)
|
|
intrepid |
Released
(2.20.0-0ubuntu1)
|
|
jaunty |
Released
(2.20.0-0ubuntu1)
|
|
upstream |
Needs triage
|